Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12557
Total
848
Critical
3598
High
3936
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7106 | HIGH | 8.8 | The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to … | Apr 27, 2026 |
| CVE-2026-7080 | HIGH | 8.8 | A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation … | Apr 27, 2026 |
| CVE-2026-7079 | HIGH | 8.8 | A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of … | Apr 27, 2026 |
| CVE-2026-7078 | HIGH | 8.8 | A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. … | Apr 27, 2026 |
| CVE-2026-7077 | HIGH | 7.3 | A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /edit_parcel.php. The manipulation of the … | Apr 27, 2026 |
| CVE-2026-3006 | HIGH | 7.0 | Successful exploitation of the race condition vulnerability could allow an attacker to trigger a kernel heap overflow, potentially leading to local privilege escalation and granting … | Apr 27, 2026 |
| CVE-2026-7076 | HIGH | 7.3 | A vulnerability was determined in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /edit_branch.php. Executing a manipulation of the argument … | Apr 27, 2026 |
| CVE-2026-7075 | HIGH | 7.3 | A vulnerability was found in itsourcecode Construction Management System 1.0. This issue affects some unknown processing of the file /locations.php. Performing a manipulation of the … | Apr 27, 2026 |
| CVE-2026-7074 | HIGH | 7.3 | A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument … | Apr 27, 2026 |
| CVE-2026-7073 | HIGH | 7.3 | A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument … | Apr 27, 2026 |
| CVE-2026-7072 | HIGH | 7.3 | A vulnerability was detected in CodePanda Source canteen_management_system 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the … | Apr 27, 2026 |
| CVE-2026-7071 | MEDIUM | 5.3 | A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The … | Apr 27, 2026 |
| CVE-2026-7070 | HIGH | 7.3 | A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the … | Apr 27, 2026 |
| CVE-2026-7069 | HIGH | 8.0 | A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. … | Apr 27, 2026 |
| CVE-2026-7068 | HIGH | 8.8 | A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to … | Apr 27, 2026 |
| CVE-2026-7067 | HIGH | 7.3 | A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. … | Apr 27, 2026 |
| CVE-2026-7066 | HIGH | 7.3 | A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulation results in … | Apr 27, 2026 |
| CVE-2026-7065 | HIGH | 7.3 | A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the component Remote Upload … | Apr 27, 2026 |
| CVE-2026-42363 | CRITICAL | 9.3 | An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. … | Apr 27, 2026 |
| CVE-2026-33566 | MEDIUM | 4.3 | There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database … | Apr 27, 2026 |
| CVE-2026-33277 | HIGH | 8.8 | An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user. | Apr 27, 2026 |
| CVE-2026-7064 | HIGH | 7.3 | A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can … | Apr 26, 2026 |
| CVE-2026-7063 | HIGH | 7.3 | A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a … | Apr 26, 2026 |
| CVE-2026-7062 | HIGH | 7.3 | A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git … | Apr 26, 2026 |
| CVE-2026-7061 | HIGH | 7.3 | A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the … | Apr 26, 2026 |